Add Spring Security

[knjk04]

Add Spring security with roles ('user' and 'admin').

All queries should be accessible without being authenticated. Mutations should only be allowed for those with admin access.

[pranatimittal]

Hey, I would like to try adding user/admin roles. Can I?

[knjk04]

Hi @pranatimittal, sure, I'll assign you to the issue. Thanks!

[pranatimittal]

@knjk04 could you help me get started? I have never worked with dgs and spring security and interested to lean it

[machinalny]

Hey, @knjk04 How user should be authorized? Basic Auth? Bearer Token? Oauth? Maybe API Key?

[knjk04]

@pranatimittal For both DGS and Spring Security, but particularly DGS, I recommend looking at the official documentation. DGS is quite new, so there may be relatively few tutorials out there. They have a page on Spring security. You can also walk through the tutorials on the site to find out how it works.

For Spring Security specifically, there are lots of good tutorials online, so you can find what works best for you.

I've noticed that security comes under the advanced section in the DGS documentation, so I've removed the 'good first issue' label.

If you don't mind, I'll unassign you from this issue as it may be trickier for a beginner (although, definitely doable) than I initially thought. I'll see if there's something else for you to pick it up. It looks like @machinalny has some experience with this, so I think they'll be a better fit for this.

[knjk04]

Hi @machinalny, good question! API key would be great. Are you happy for me to assign you to this?

[machinalny]

Hi @knjk04, thanks! You can assign it to me, ;)

[knjk04]

@machinalny How are you getting on with this?

[knjk04]

@machinalny Unassigning due to no response